Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Started with Virtumonde...


  • Please log in to reply
3 replies to this topic

#1 Impending_Sleep

Impending_Sleep

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 04 January 2009 - 05:51 PM

I was surfing the web to find a spot to watch a movie, first mistake. After entering a site, I knew I was in trouble, my virus protection popped up saying I had a bug, AVG FREE, I started freaking out and a "virus check" popped up soon after. I clicked it, stupidly, and everything went down hill, my computer started going slow, pop ups, porn links, everything. So eventually my computer froze and I had to restart it, once I did, everything was running a bit smoother, I loaded AVG and had it do a scan, it found a lot of stuff and I removed it all, but there were still issues... So I searched the web and found suggested things like Malwarebytes and virtumonde-be-gone and vundofix. Oh, I also did a spybot search and destroy fix. well, everything seemed better, but the next day I started getting this window that would pop up, the page didn't load or anything it was sirblus.com or something along those lines. that's when I knew, everything wasn't gone... Now, my computer shows random errors saying things have crashed and closed, and just a minute ago my whole computer crashed and said "turning off in 60 seconds". So I am in quite the need of assistance. I followed the tutorial and attempted to backup my files, but it seemed there was some sort of error with creating the G:\ like it says in the tutorial. my log from DDS is... and thanks in advanced for any help given!!! :-)



DDS (Version 1.1.0) - NTFSx86
Run by Kelso at 15:23:28.54 on Sun 01/04/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1549 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\winsys2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Cobian Backup 9\Cobian.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\All Users\Documents\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
{380db8d4-a512-48d5-8f65-d7a69796bde6}
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {49302f68-4cfb-1cea-da44-c1d2a186abda}: {adba681a-2d1c-44ad-aec1-bfc486f20394} - c:\windows\system32\wnfrfv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6]
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SW24] c:\windows\system32\sw24.exe
mRun: [WinSys2] c:\windows\system32\winsys2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [msiexec.exe] msiconf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Notify: khfFuVLB - khfFuVLB.dll
AppInit_DLLs: wnfrfv.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kelso\applic~1\mozilla\firefox\profiles\kie9e0iu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/radio2/shows/brand/
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll

============= SERVICES / DRIVERS ===============

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-5-23 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2008-6-26 16768]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-27 24652]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-6-27 16512]
S3 BS_Flash;BS_Flash;c:\program files\tseries bios update\award\BS_Flash.sys [2008-6-26 3604]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2009-01-04 15:04 <DIR> --d----- c:\program files\Cobian Backup 9
2009-01-04 14:12 <DIR> --d----- C:\VundoFix Backups
2009-01-04 14:01 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-04 14:01 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 14:01 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-04 13:58 754 a------- c:\windows\WORDPAD.INI
2009-01-03 12:07 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-03 02:18 24,576 a------- c:\windows\system32\VundoFixSVC.exe
2009-01-02 23:58 <DIR> --d----- c:\docume~1\kelso\applic~1\Malwarebytes
2009-01-02 23:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-02 22:11 95 a------- c:\windows\wininit.ini
2009-01-02 21:53 134,144 a------- c:\windows\system32\wnfrfv.dll
2009-01-02 21:53 134,144 a------- c:\windows\system32\jnracmma.dll
2008-12-25 18:17 <DIR> --d----- c:\windows\Logs
2008-12-25 10:50 <DIR> --d----- c:\program files\Firaxis Games
2008-12-24 13:26 101 a------- c:\windows\CTWave32.ini
2008-12-24 12:59 72 a------- c:\windows\sbwin.ini
2008-12-23 10:36 4,391 a------- C:\logfile
2008-12-23 10:35 <DIR> --d----- c:\windows\system32\BWKDLogs
2008-12-23 10:33 <DIR> --d----- c:\program files\Kodak
2008-12-23 10:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kodak
2008-12-20 23:01 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2008-12-16 21:21 <DIR> --d----- c:\documents and settings\kelso\OkiData
2008-12-16 21:20 <DIR> --d----- c:\program files\Okidata
2008-12-08 22:55 <DIR> --d----- c:\program files\uTorrent
2008-12-08 18:57 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-06 17:14 <DIR> --d----- C:\170e84459bfd26a764d7c5ac453a77d5
2008-12-06 17:07 <DIR> --d----- c:\program files\Yahoo!
2008-12-06 17:02 <DIR> --d----- c:\program files\CleanMyPC
2008-12-06 16:40 <DIR> --d----- c:\docume~1\kelso\applic~1\Uniblue

==================== Find3M ====================

2008-12-04 20:35 27,344 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2008-11-10 12:23 243,840 a------- c:\windows\system32\ZuneWlanCfgSvc.exe
2008-11-10 12:23 60,032 a------- c:\windows\system32\ZuneBusEnum.exe
2008-11-10 12:09 73,728 a------- c:\windows\system32\ZuneUsbTransport.dll
2008-11-10 12:09 18,944 a------- c:\windows\system32\ZuneTcp2Udp.dll
2008-11-10 12:09 57,344 a------- c:\windows\system32\ZuneRegUtil.dll
2008-11-10 12:09 12,800 a------- c:\windows\system32\ZunePTDNS.dll
2008-11-10 12:09 310,272 a------- c:\windows\system32\ZuneNetProxy.dll
2008-11-10 12:09 145,920 a------- c:\windows\system32\ZuneMTPZ.dll
2008-11-10 12:09 40,832 a------- c:\windows\system32\drivers\zumbus.sys
2008-10-29 15:07 47,104 a------- c:\windows\system32\KMVIDC32.DLL
2008-10-27 10:04 514,384 a------- c:\windows\system32\XAudio2_3.dll
2008-10-27 10:04 235,856 a------- c:\windows\system32\xactengine3_3.dll
2008-10-27 10:04 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2008-10-27 10:04 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2008-10-23 20:50 22,600 a------- c:\docume~1\kelso\applic~1\GDIPFONTCACHEV1.DAT
2008-10-23 05:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 13:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-10 04:52 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2008-10-10 04:52 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2008-10-10 04:52 452,440 a------- c:\windows\system32\d3dx10_40.dll
2008-08-04 17:19 0 ac------ c:\documents and settings\kelso\jagex_runescape_preferences.dat
2008-07-07 18:06 81,920 a------- c:\docume~1\kelso\applic~1\ezpinst.exe
2008-07-07 18:06 47,360 a------- c:\docume~1\kelso\applic~1\pcouffin.sys
2008-06-29 00:21 926 a--sh--- c:\windows\system32\cIllmnmp.ini2
2008-07-06 21:11 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008070620080707\index.dat

============= FINISH: 15:23:44.42 ===============

BC AdBot (Login to Remove)

 


#2 Impending_Sleep

Impending_Sleep
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 05 January 2009 - 05:33 PM

No one...? :-/

#3 Impending_Sleep

Impending_Sleep
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:50 PM

Posted 06 January 2009 - 09:57 PM

bump

#4 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:06:50 AM

Posted 11 January 2009 - 06:47 AM

Hello Impending Sleep and welcome to Bleeping Computer,

Sorry for the delay, but the forum really has been swamped lately.

Please download ComboFix from one of the locations below, and save it to your Desktop.

Link
Link
Link

Double click the ComboFix icon to run it.
If ComboFix askes you to install the Recovery Console, please do so..
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users